services:
  wazuh.manager:
    image: docker.io/wazuh/wazuh-manager:4.14.1
    container_name: wazuh-prod-1-manager
    hostname: wazuh.manager
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=${INDEXER_USERNAME:?error}
      - INDEXER_PASSWORD=${INDEXER_PASSWORD:?error}
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=${API_USERNAME:?error}
      - API_PASSWORD=${API_PASSWORD:?error}
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
      # --> (Optional) For custom rules
      # - ./config/rules/local_rules.xml:/var/ossec/etc/rules/local_rules.xml:ro
      # <--
    # --> (Optional) When using traefik
    # networks:
    #   - frontend
    # <--
    # --> (Optional) When using a separate backend network
    #   - backend
    # <--
    restart: unless-stopped

  wazuh.indexer:
    image: docker.io/wazuh/wazuh-indexer:4.14.1
    container_name: wazuh-prod-1-indexer
    hostname: wazuh.indexer
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
    # --> (Optional) When using traefik
    # networks:
    #   - frontend
    # <--
    # --> (Optional) When using a separate backend network
    #   - backend
    # <--
    restart: unless-stopped

  wazuh.dashboard:
    image: docker.io/wazuh/wazuh-dashboard:4.14.1
    container_name: wazuh-prod-1-dashboard
    hostname: wazuh.dashboard
    # --> (Optional) Remove the port mapping when using traefik
    ports:
      - 4443:5601
    # <--
    environment:
      - INDEXER_USERNAME=${INDEXER_USERNAME:?error}
      - INDEXER_PASSWORD=${INDEXER_PASSWORD:?error}
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=${DASHBOARD_USERNAME:?error}
      - DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD:?error}
      - API_USERNAME=${API_USERNAME:?error}
      - API_PASSWORD=${API_PASSWORD:?error}
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    # --> (Optional) When using traefik
    # labels:
    #   - traefik.enable=true
    #   - traefik.docker.network=frontend
    #   - traefik.http.routers.wazuh-prod-1-https.entrypoints=websecure
    #   - traefik.http.routers.wazuh-prod-1-https.rule=Host(`wazuh-prod-1.srv-prod-1.home.clcreative.de`)
    #   - traefik.http.routers.wazuh-prod-1-https.tls=true
    #   - traefik.http.routers.wazuh-prod-1-https.tls.certresolver=cloudflare
    #   - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.port=5601
    #   - traefik.http.services.wazuh-prod-1-service.loadbalancer.server.scheme=https
    # networks:
    #   - frontend
    # <--
    # --> (Optional) When using a separate backend network
    #   - backend
    # <--
    depends_on:
      - wazuh.indexer
    restart: unless-stopped

# --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
# postfix:
#   image: docker.io/mwader/postfix-relay:1.2.2
#   environment:
#     - POSTFIX_myhostname=postfix
#   volumes:
#     - ./config/postfix-relay/main.cf:/etc/postfix/main.cf:ro
#     - ./config/postfix-relay/sasl_passwd:/etc/postfix/sasl_passwd:rw  # <-- (Optional) Remove when using inline credentials
#     - postfix_data:/etc/postfix
#   networks:
#     - backend
#   restart: unless-stopped
# <--

volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
  # --> (Optional) When you need to use an SMTP relay for email notifications, and authentication is required
  # postfix_data:
  # <--

# --> (Optional) When using traefik
# networks:
#   frontend:
#     external: true
# <--
# --> (Optional) When using a separate backend network
#   backend:
#     external: true
# <--
